Commit Graph

42448 Commits

Author SHA1 Message Date
Bernd Kuhls
ac22fafdc8 package/apache: security bump to version 2.4.35
Fixes: CVE-2018-11763: mod_http2, DoS via continuous SETTINGS frames
https://lists.apache.org/thread.html/d435b0267a76501b9e06c552b20c887171064cde38e46d678da4d3dd@%3Cannounce.httpd.apache.org%3E

Release notes:
https://lists.apache.org/thread.html/5d604774652fc073b1b161584d0d1efbdba7898c40ae2e2334725e5f@%3Cannounce.httpd.apache.org%3E

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:37:08 +02:00
Asaf Kahlon
61a1e02a89 python-engineio: bump to version 2.3.1
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:36:45 +02:00
Asaf Kahlon
496e9aa80c python-cython: bump to version 0.28.5
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:36:14 +02:00
Gilles Talis
fb2478086b iozone: bump to version 3_482
Reworked patch from Gustavo Zacharias to make it apply to this version

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:35:14 +02:00
Gilles Talis
1e2ca0455e httping: add license hash
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:35:02 +02:00
Gilles Talis
31e1768150 ocrad: add license hash
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:34:46 +02:00
Gilles Talis
803bc88a72 tesseract-ocr: bump to version 3.05.02
Also added license hash

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:34:36 +02:00
Gilles Talis
1fa0c70a1c leptonica: bump to version 1.76.0
Also added license hash

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:34:30 +02:00
Gilles Talis
d3d66a308f webp: bump to version 1.0.0
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:34:22 +02:00
Peter Korsgaard
63eb34fa12 bind: security bump to version 9.11.4-P2
>From the release notes
(http://ftp.isc.org/isc/bind9/9.11.4-P2/RELEASE-NOTES-bind-9.11.4-P2.txt):

 * There was a long-existing flaw in the documentation for ms-self,
   krb5-self, ms-subdomain, and krb5-subdomain rules in update-policy
   statements.  Though the policies worked as intended, operators who
   configured their servers according to the misleading documentation may
   have thought zone updates were more restricted than they were; users of
   these rule types are advised to review the documentation and correct
   their configurations if necessary.  New rule types matching the
   previously documented behavior will be introduced in a future maintenance
   release.  [GL !708]

 * named could crash during recursive processing of DNAME records when
   deny-answer-aliases was in use.  This flaw is disclosed in CVE-2018-5740.
   [GL #387]

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-30 10:34:13 +02:00
Asaf Kahlon
531650cdaf python-engineio: bump to version 2.3.0
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 22:39:04 +02:00
Fabrice Fontaine
8e4f6b2fc5 haproxy: security bump to 1.8.14
Fix CVE-2018-14645 (see
https://www.mail-archive.com/haproxy@formilux.org/msg31253.html)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 15:08:05 +02:00
Fabrice Fontaine
751837c84f xl2tp: bump to version 1.3.12
Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 15:07:55 +02:00
Peter Korsgaard
b054797eca ghostscript: security bump to version 9.25
Fixes the following security issues:

- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
  gsgetresolution allow attackers to have an unspecified impact

- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
  error exception table, which could be used by remote attackers able to
  supply crafted PostScript to potentially overwrite or replace error
  handlers to inject code.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 15:07:45 +02:00
Peter Korsgaard
2936442098 glibc: bump version for post-2.28 fixes
Carlos O'Donell (1):
      Fix tst-setcontext9 for optimized small stacks.

DJ Delorie (3):
      RISC-V: Fix rounding save/restore bug.
      Regen RISC-V rvd ULPs
      Improve ChangeLog message.

Florian Weimer (6):
      Linux: Rewrite __old_getdents64 [BZ #23497]
      error, error_at_line: Add missing va_end calls
      nscd: Deallocate existing user names in file parser
      nss_files: Fix file stream leak in aliases lookup [BZ #23521]
      regex: Add test tst-regcomp-truncated [BZ #23578]
      misc: New test misc/tst-gethostid

H.J. Lu (1):
      i386: Use ENTRY and END in start.S [BZ #23606]

Martin Kuchta (1):
      pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538]

Mingli Yu (1):
      Linux gethostid: Check for NULL value from gethostbyname_r [BZ #23679]

Paul Eggert (1):
      regex: fix uninitialized memory access

Samuel Thibault (2):
      hurd: Add missing symbols for proper libc_get/setspecific
      hurd: Avoid PLTs for __pthread_get/setspecific

Stefan Liebler (1):
      Fix segfault in maybe_script_execute.

Wilco Dijkstra (1):
      Fix strstr bug with huge needles (bug 23637)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 15:07:30 +02:00
Asaf Kahlon
f1cf5da192 python-psutil: bump to version 5.4.7
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 13:20:03 +02:00
Asaf Kahlon
6a161eff24 python-lmdb: bump to version 0.94
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 13:16:25 +02:00
Asaf Kahlon
7f7cdf7e4d python-jinja2: bump to version 2.10
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 13:12:06 +02:00
Asaf Kahlon
22cfee8d27 python-incremental: bump to version 17.5.0
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 13:11:14 +02:00
Asaf Kahlon
af1d3d72d9 python-hyperlink: bump to version 18.0.0
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 12:13:25 +02:00
Asaf Kahlon
8b28bb28bb python-automat: bump to version 0.7.0
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 11:52:48 +02:00
Asaf Kahlon
29afd40b4b python-autobahn: bump to version 18.9.2
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 11:51:29 +02:00
Asaf Kahlon
cabaf8c5d1 python-attrs: bump to version 18.2.0
Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-28 10:35:29 +02:00
Fabrice Fontaine
169fc99ef2 haproxy: new package
HAProxy is a free, very fast and reliable solution offering
high availability, load balancing, and proxying for TCP and
HTTP-based applications.

http://www.haproxy.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 21:40:34 +02:00
Petr Vorel
061784404f ltp-testsuite: Bump to version 20180926
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 21:18:02 +02:00
Peter Seiderer
fb86b6f51e e2fsprogs: fix musl compile (__GNUC_PREREQ related)
Add void-linux provided patch to use __GNUC_PREREQ macro only
in case it is defined (patch taken from [1]).

Fixes [2]:

  In file included from ../../lib/ext2fs/ext2fs.h:97:0,
                   from feature.c:20:
  ../../lib/ext2fs/hashmap.h:20:19: error: missing binary operator before token "("
   #if __GNUC_PREREQ (4, 8)
                     ^
  ../../lib/ext2fs/hashmap.h:25:19: error: missing binary operator before token "("
   #if __GNUC_PREREQ (4, 8)
                     ^

Problem already upstream reported by Baruch Siach (see [3]).

[1] https://raw.githubusercontent.com/void-linux/void-packages/1f3b51493031cc0309009804475e3db572fc89ad/srcpkgs/e2fsprogs/patches/fix-glibcism.patch
[2] http://autobuild.buildroot.net/results/e49d9333086ed714fa193b79b49c53e9cc511fec
[3] https://www.spinics.net/lists/linux-ext4/msg62290.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 21:16:30 +02:00
Erico Nunes
e14102c6f2 linux-firmware: bump version and fix hash
Bump the package to the most up to date version and fix the sha256 hash.
linux-firmware was failing due to an incorrect sha256 hash, as follows:

Fetching all references
warning: redirecting to https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
remote: Counting objects: 6972, done.
remote: Total 6972 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6972/6972), 196.63 MiB | 4.22 MiB/s, done.
Resolving deltas: 100% (4516/4516), done.
>From http://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware
 * [new branch]      master     -> origin/master
warning: redirecting to https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
warning: refname '8d69bab7a3da1913113ea98cefb73d5fa6988286' is ambiguous.
Git normally never creates a ref that ends with 40 hex characters
because it will be ignored when you just specify 40-hex. These refs
may be created by mistake. For example,

  git checkout -b $br $(git rev-parse ...)

where "$br" is somehow empty and a 40-hex ref is created. Please
examine these refs and maybe delete them. Turn this message off by
running "git config advice.objectNameWarning false"
ERROR: linux-firmware-8d69bab7a3da1913113ea98cefb73d5fa6988286.tar.gz has wrong sha256 hash:
ERROR: expected: 905be20e4e2d7628dea4e2e99195520fc0cce8b247faabdc52fc44a3ff2ceb04
ERROR: got     : b9fce72a7b0b55eb311701dfd47914bc9e037134fa401d33e6e73ab9ebc9d116
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 20:42:00 +02:00
Zoltan Gyarmati
d6fa6a45e1 quazip: upgrade to 0.7.6
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 14:12:55 +02:00
Erico Nunes
88f3618de1 configs/pc: bump kernel version
Bump the kernel version to 4.18.10.
Tested with qemu 2.11.2 on bios and UEFI virtual machines.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 14:12:16 +02:00
Fabrice Fontaine
64673d4cfb nilfs-utils: drop NPTL dependency
The latest uClibc-ng version (1.0.30) provides clock_nanosleep() even
for non NPTL configurations.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 14:11:43 +02:00
Fabrice Fontaine
0dbab1bb45 nilfs-utils: no comment if BR2_USE_MMU is true
Don't display comment if BR2_USE_MMU is true
Moreover, move BR2_USE_MMU dependency at the top of dependency list

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 13:59:56 +02:00
Peter Korsgaard
97c4b80a0f sedutil: new package
Utilities to configure self encrypting drives that comply with the TCG OPAL
2.00 standard.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 13:59:09 +02:00
Peter Korsgaard
0a656bc065 wireguard: bump version to 0.0.20180925
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 13:58:50 +02:00
Fabrice Fontaine
1f5bec6fac ncmpc: fix build with gcc 4.9
Add upstream patch to fix build on gcc 4.9

Fixes:
 - http://autobuild.buildroot.org/results/e3b1b1bdad841c151b70294d517dc75c5305b0fe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 13:57:58 +02:00
Giulio Benetti
67f3d9bdfa chrony: fix build failure due to missing inclusion of util.h
During build package stops with linker error:
hash_intmd5.o: In function `HSH_Hash':
hash_intmd5.c:(.text+0x963): undefined reference to `MIN'

This is due to missing util.h inclusion.
util.h contains MIN() macro definition.

Add upstream patch:
https://git.tuxfamily.org/chrony/chrony.git/commit/?id=948ecf84314f78da82e0e2b07b6570ca9cff86c8
to add #include "util.h" in hash_intmd5.c

Fixes:
http://autobuild.buildroot.net/results/8f0/8f0d53b1d5a899e56540c859b908cbc1eaa223d5/
http://autobuild.buildroot.net/results/3c6/3c609f94aff182c9ab47ef8ec4b9de03a4d20ffb/
http://autobuild.buildroot.net/results/f1f/f1fcae399fb640c19cf88c9333a92cbfab547932/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 13:57:34 +02:00
Asaf Kahlon
e670603f04 DEVELOPERS: add myself for python-lxml
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-26 19:51:45 +02:00
Fabio Estevam
fbfda3fc06 linux-headers: bump 4.{4, 9, 14, 18}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-26 19:50:59 +02:00
Fabio Estevam
a533b34468 linux: bump default to version 4.18.10
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-26 19:50:21 +02:00
Asaf Kahlon
d6d51c8a23 ccache: bump to version 3.4.3
Update LICENSE.adoc: change was zlib and year bump.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:30:48 +02:00
Asaf Kahlon
d911d97a91 python-lxml: bump to version 4.2.5
Also add hashes for license files.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:30:30 +02:00
Fabrice Fontaine
9c20d29094 cppzmq: bump to version v4.3.0
- move to cmake-infrastructure
- add patch to fix install without static libzmq
- add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:21:08 +02:00
Fabrice Fontaine
5208e9507f domoticz: depends on gcc >= 4.8
sleep_for is not always defined with gcc <= 4.7, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52680

To fix this issue, add a dependency to gcc >= 4.8

Fixes:
 - http://autobuild.buildroot.net/results/0dada8dd727f32a4500670f6620adb05943ed0b7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:19:48 +02:00
Thomas Petazzoni
a517df56d6 xlib_libXdmcp: add missing dependency on host-pkgconf
The libXdmcp configure script uses pkg-config, but the Buildroot
package does not depend on host-pkgconf. This is not seen by the
autobuilders most likely because another package that is always built
before libXdmcp builds pkg-config.

However, running:

$ make xlib_libXdmcp

triggers the following build failure:

checking pkg-config is at least version 0.9.0... ./configure: line 12323: /home/thomas/projets/buildroot/output/host/bin/pkg-config: No such file or directory
no
[...]
checking for XDMCP... configure: error: in `/home/thomas/projets/buildroot/output/build/xlib_libXdmcp-1.1.2':
configure: error: The pkg-config script could not be found or is too old.  Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.

This was detected using per-package target/host folders, because with
this, only the dependencies explicitly expressed by a package are
available to the package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:18:21 +02:00
Peter Seiderer
84bf4dfe2e gst1-rtsp-server: add missing license file hash
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:11:02 +02:00
Peter Seiderer
275d0e5e36 gst1-plugins-bad: add missing license file hash
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:11:02 +02:00
Peter Seiderer
10cc323260 gst1-plugins-base: add missing license file hash
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:11:02 +02:00
Peter Seiderer
53037671cd gst-omx: bump version to 1.14.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:06:02 +02:00
Peter Seiderer
bb92f9afac gstreamer1-editing-services: bump version to 1.14.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:06:02 +02:00
Peter Seiderer
fdec07b2b4 gst1-rtsp-server: bump version to 1.14.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:06:02 +02:00
Peter Seiderer
6f8dea3f98 gst1-vaapi: bump version to 1.14.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-25 23:06:02 +02:00